Changeset 53455 for trunk/src/wp-admin/includes/class-custom-image-header.php

Timestamp:

06/01/2022 06:12:25 PM (3 years ago)

Author:

SergeyBiryukov

Message:

General: Replace all esc_url_raw() calls in core with sanitize_url().

This aims to improve performance by calling sanitize_url() directly, instead of the esc_url_raw() wrapper. As of WordPress 6.1, sanitize_url() is the recommended function for sanitizing a URL for database or redirect usage.

Follow-up to [11383], [13096], [51597], [53452].

Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes #55852.

File:

• trunk/src/wp-admin/includes/class-custom-image-header.php (modified) (2 diffs)

trunk/src/wp-admin/includes/class-custom-image-header.php

@@ -1160 +1160 @@
             }
 
-            $choice['url'] = esc_url_raw( $choice['url'] );
+            $choice['url'] = sanitize_url( $choice['url'] );
 
             $header_image_data = (object) array(
@@ -1198 +1198 @@
         }
 
-        set_theme_mod( 'header_image', esc_url_raw( $header_image_data['url'] ) );
+        set_theme_mod( 'header_image', sanitize_url( $header_image_data['url'] ) );
         set_theme_mod( 'header_image_data', $header_image_data );
     }